<?php

/************************************

EasyCB, Community Forum Software
Copyright (C) 2007, 2008  Jonathon D. Keogh <jonathon.keogh@gmail.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

$Id: page.admin.users.php 191 2008-05-12 17:06:00Z jonathon.keogh $

************************************/

require "inc.func.php";

if(!user_loggedin() || user_level(user_name(sess_get("UserID"))) < 2)
{
	page_redirect("page.boards.php");
}

page_header("Users");

page_section();
print "<a href=\"page.admin.php\">Return to Administration tasks</a>";
if(isset($_GET['id']))
{
	print " - <a href=\"?\">Back to user list</a>";
	if(isset($_GET['action']))
	{
		print " - <a href=\"?id=" . urlencode($_GET['id']) . "\">About " . htmlentities(user_name($_GET['id'])) . "</a>";
	}
}
page_section();

if(isset($_GET['id']) && user_exists(user_name($_GET['id'])) && user("Deleted", $_GET['id']) == 0)
{
	$action = isset($_GET['action']) ? $_GET['action'] : "";
	
	if($action == "delete")
	{
		if(isset($_POST['confirm']))
		{
			if(sess_get("UserID") == $_GET['id'])
			{
				page_section("Error");
				print "You cannot delete yourself.";
				page_section();
			} else {
				db_query("UPDATE `" . config_get("db_prefix") . "users` SET `Deleted`='" . time() . "' WHERE `ID`='" . db_escape($_GET['id']) . "';");
				config_set("UserCount", config_get("UserCount") - 1);
				page_redirect("?");
			}
		} elseif(isset($_POST['cancel'])) {
			page_redirect("?");
		}
		page_section("Confirm your action");
?>

<form action="?id=<?=urlencode($_GET['id']) ?>&amp;action=<?=urlencode($action) ?>" method="POST">
	<b style="font-size: 15pt;">Are you sure you want to delete this user?</b><br>
		The user you've selected to delete: <?=htmlentities(user_name($_GET['id'])) ?><br>
	<br>
	Deleting this user will not remove their posts.<br>
	<br>
	<button type="submit" name="confirm">Confirm deletion</button> <button type="submit" name="cancel">Cancel</button>
</form>

<?php
		page_section();
	} elseif($action == "info") {
		$user = db_query("SELECT * FROM `" . config_get("db_prefix") . "users` WHERE `ID`='" . db_escape($_GET['id']) . "';");
		$user = db_fetch_assoc($user);
		
		$_username = $user['Username'];
		$_name = $user['Name'];
		$_title = $user['Title'];
		$_aim = $user['AIM'];
		$_icq = $user['ICQ'];
		$_msn = $user['MSN'];
		$_yim = $user['YIM'];
		
		if(isset($_POST['name']))
		{
			$_username = trim($_POST['username']);
			$_name = trim($_POST['name']);
			$_title = trim($_POST['title']);
			$_aim = trim($_POST['aim']);
			$_icq = trim($_POST['icq']);
			$_msn = trim($_POST['msn']);
			$_yim = trim($_POST['yim']);
			
			if(strlen($_name) < 1)
			{
				$error = "No name given";
			} elseif(strlen($_name) > 100) {
				$error = "The name given is too long";
			} elseif(strlen($_username) < 1) {
				$error = "No user name given";
			} elseif(strlen($_username) > 50) {
				$error = "The user name given is too long";
			} elseif(strlen($_title) > 100) {
				$error = "The title given is too long";
			} elseif(strlen($_aim) > 30) {
				$error = "The AOL Instant Messenger screen name given is too long";
			} elseif(strlen($_icq) > 20) {
				$error = "The I-Seek-You number given is too long";
			} elseif($_icq != "" && !is_numeric($_icq)) {
				$error = "The I-Seek-You number given isn't valid";
			} elseif(strlen($_msn) > 70) {
				$error = "The MSN Messenger address given is too long";
			} elseif(strlen($_yim) > 70) {
				$error = "The Yahoo! Instant Messenger screen name given is too long";
			} else {
				db_query("UPDATE `" . config_get("db_prefix") . "users` SET `Name`='" . db_escape($_name) . "', `Title`='" . db_escape($_title) . "', `Username`='" . db_escape($_username) . "', `AIM`='" . db_escape($_aim) . "', `ICQ`='" . db_escape($_icq) . "', `MSN`='" . db_escape($_msn) . "', `YIM`='" . db_escape($_yim) . "' WHERE `ID`='" . db_escape($_GET['id']) . "';");
				page_redirect("?id=" . urlencode($_GET['id']));
			}
		}
		
		if(isset($error))
		{
			page_section("An error occured");
			print "<b style=\"color: #FF0000;\">$error</b>";
			page_section();
		}
		
		print "<form onsubmit=\"document.getElementById('go').disabled=true;document.getElementById('go').innerHTML='Patience!';\" action=\"?id=" . urlencode($_GET['id']) . "&amp;action=info\" method=\"POST\">\n";
		page_section("User information");
?>

User name:<br>
<input type="hidden" name="username" value="<?=htmlentities($_username) ?>" size="40" id="username1"><span id="username2"><b><?=htmlentities($_username) ?></b> <small>(<a href="javascript:;" onclick="u1=document.getElementById('username1');u2=document.getElementById('username2');u1.type='text';u2.style.visibility='hidden';u1.focus();">change</a>)</small></span><br>
<br>
Name:<br>
<input name="name" value="<?=htmlentities($_name) ?>" size="40"><br>
<br>
Title:<br>
<input name="title" value="<?=htmlentities($_title) ?>" size="40"><br>
<br>
AOL Instant Messenger:<br>
<input name="aim" value="<?=htmlentities($_aim) ?>" size="40"><br>
<br>
I-Seek-You (ICQ):<br>
<input name="icq" value="<?=htmlentities($_icq) ?>" size="40"><br>
<br>
MSN Messenger:<br>
<input name="msn" value="<?=htmlentities($_msn) ?>" size="40"><br>
<br>
Yahoo! Instant Messenger:<br>
<input name="yim" value="<?=htmlentities($_yim) ?>" size="40"><br>
<br>
<button type="submit" id="go">Submit changes</button>

<?php
		page_section();
		print "</form>\n";
	} elseif($action == "password") {
		if(isset($_POST['password1']))
		{
			$_password1 = $_POST['password1'];
			$_password2 = $_POST['password2'];
			
			if($_password1 == "")
			{
				$error = "No password given";
			} elseif($_password1 != $_password2) {
				$error = "The two passwords given do not match";
			} else {
				db_query("UPDATE `" . config_get("db_prefix") . "users` SET `Password`='" . md5($_password1) . "' WHERE `ID`='" . db_escape($_GET['id']) . "';");
				page_redirect("?id=" . urlencode($_GET['id']));
			}
		}
		
		if(isset($error))
		{
			page_section("An error occured");
			print "<b style=\"color: #FF0000;\">$error</b>";
			page_section();
		}
		
		print "<form onsubmit=\"document.getElementById('go').disabled=true;document.getElementById('go').innerHTML='Patience!';\" action=\"?id=" . urlencode($_GET['id']) . "&amp;action=password\" method=\"POST\">\n";
		page_section("Change password");
?>

User name:<br>
<b><?=htmlentities(user_name($_GET['id'])) ?></b><br>
<br>
New password:<br>
<input name="password1" type="password" size="40"><br>
<br>
New password (confirm):<br>
<input name="password2" type="password" size="40"><br>
<br>
<button type="submit" id="go">Submit changes</button>

<?php
		page_section();
		print "</form>\n";
	} elseif($action == "level") {
		$_level = user_level(user_name($_GET['id']));
		
		if($_GET['id'] == sess_get("UserID"))
		{
			$error = "You cannot change your own level";
		}
		
		if(isset($_POST['level']))
		{
			$_level = $_POST['level'];
			
			if($_level < 0 || $_level > 2)
			{
				$error = "Invalid level";
			} elseif($_GET['id'] == sess_get("UserID")) {
				// Reset the level
				$_level = user_level(user_name($_GET['id']));
			} else {
				db_query("UPDATE `" . config_get("db_prefix") . "users` SET `Level`='" . db_escape($_level) . "' WHERE `ID`='" . db_escape($_GET['id']) . "';");
				page_redirect("?id=" . urlencode($_GET['id']));
			}
		}
		
		if(isset($error))
		{
			page_section("An error occured");
			print "<b style=\"color: #FF0000;\">$error</b>";
			page_section();
		}
		
		print "<form onsubmit=\"document.getElementById('go').disabled=true;document.getElementById('go').innerHTML='Patience!';\" action=\"?id=" . urlencode($_GET['id']) . "&amp;action=level\" method=\"POST\">\n";
		page_section("User level");
?>

This user is currently a<?=($_level == 0 ? " normal user" : ($_level == 1 ? " moderator" : "n administrator")) ?>.<br>
<br>
User level:<br>
<select name="level">
	<option value="0"<?=($_level == 0 ? " selected" : "") ?>>Normal user</option>
	<option value="1"<?=($_level == 1 ? " selected" : "") ?>>Moderator</option>
	<option value="2"<?=($_level == 2 ? " selected" : "") ?>>Administrator</option>
</select>
<button type="submit" id="go">Submit changes</button>

<?php
		page_section();
		print "</form>\n";
	} else {
		page_section("About " . htmlentities(user_name($_GET['id'])));
?>

<table width="100%">
	<tr>
		<td width="50%" valign="top">
			<table width="100%">
				<tr>
					<td width="100">User name:</td>
					<td><?=htmlentities(user("Username", $_GET['id'])) ?></td>
				</tr>
				<tr>
					<td>Title:</td>
					<td><?=htmlentities(user("Title", $_GET['id'])) ?></td>
				</tr>
				<tr>
					<td>Real name:</td>
					<td><?=htmlentities(user("Name", $_GET['id'])) ?></td>
				</tr>
				<tr>
					<td>E-mail address:</td>
					<td><?=htmlentities(user("Email", $_GET['id'])) ?></td>
				</tr>
				<tr>
					<td>Level:</td>
					<td><?=(($level=user("Level", $_GET['id'])) == 0 ? "Normal user" : ($level == 1 ? "Moderator" : "Administrator")) ?></td>
				</tr>
				<tr>
					<td>Post count:</td>
					<td><?=htmlentities(user("PostCount", $_GET['id'])) ?></td>
				</tr>
			</table>
		</td>
		<td width="50%" valign="top">
			<table width="100%">
				<tr>
					<td width="100">AIM:</td>
					<td><?=($im=user("AIM", $_GET['id'])) == "" ? "<i>None listed</i>" : htmlentities($im) ?></td>
				</tr>
				<tr>
					<td>ICQ:</td>
					<td><?=($im=user("ICQ", $_GET['id'])) == "" ? "<i>None listed</i>" : htmlentities($im) ?></td>
				</tr>
				<tr>
					<td>MSN:</td>
					<td><?=($im=user("MSN", $_GET['id'])) == "" ? "<i>None listed</i>" : htmlentities($im) ?></td>
				</tr>
				<tr>
					<td>YIM:</td>
					<td><?=($im=user("YIM", $_GET['id'])) == "" ? "<i>None listed</i>" : htmlentities($im) ?></td>
				</tr>
				<tr>
					<td>Registered:</td>
					<td><?=date(config_get("DateString"), user("RegisterTime", $_GET['id'])) ?>, from <?=user("RegisterIP", $_GET['id']) ?></td>
				</tr>
				<tr>
					<td>Last seen:</td>
					<td><?=date(config_get("DateString"), user("LastSeenTime", $_GET['id'])) ?>, from <?=user("LastSeenIP", $_GET['id']) ?></td>
				</tr>
			</table>
		</td>
	</tr>
</table>

<?php
		page_section();
		
		page_section("Change account");
?>

Select a task to perform on this user:
<ul>
	<li><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=info">Edit information</a></li>
	<li><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=password">Change <?=htmlentities(user_name($_GET['id'])) ?>'s password</a></li>
	<li><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=level">Change <?=htmlentities(user_name($_GET['id'])) ?>'s level</a></li>
	<li><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=delete">Delete <?=htmlentities(user_name($_GET['id'])) ?></a></li>
</ul>

<?php
		page_section();
	}
} else {
page_section("Registered users");
?>

<table width="100%">
	<tr>
		<td><b>User name</b></td>
		<td width="200"><b>E-mail address</b></td>
		<td width="100"><b>Level</b></td>
		<td width="100"><b>Post count</b></td>
		<td width="200"><b>Member since</b></td>
		<td width="100">&nbsp;</td>
	</tr>
<?php

$users = db_query("SELECT * FROM `" . config_get("db_prefix") . "users` ORDER BY `RegisterTime` ASC;");
while($user = db_fetch_assoc($users))
{
	$del1 = "";
	$del2 = "";
	
	if($user['Deleted'] > 0)
	{
		$del1 = "<span style=\"color: gray;\">";
		$del2 = "</span>";
	}
	
	print "<tr><td>$del1" . htmlentities($user['Username']) . "$del2</td><td>$del1" . htmlentities($user['Email']) . "$del2</td><td>$del1" . ($user['Level'] != 0 ? ($user['Level'] == 1 ? "Moderator" : "Administrator") : "Normal user") . "$del2</td><td>$del1{$user['PostCount']}$del2</td><td>$del1" . date(config_get("DateString"), $user['RegisterTime']) . "$del2</td>" . ($user['Deleted'] > 0 ? "<td>&nbsp;</td>" : "<td align=\"right\"><a href=\"?id=" . urlencode($user['ID']) . "\">Edit user</a></td>") . "</tr>\n";
	if($user['Deleted'] > 0)
	{
		print "<tr><td colspan=\"4\">&nbsp;</td><td>{$del1}Deleted: " . date(config_get("DateString"), $user['Deleted']) . "{$del2}</td><td>&nbsp;</td></tr>\n";
	}
}

?>
</table>

<?php
page_section();
}

page_footer('$Id: page.admin.users.php 191 2008-05-12 17:06:00Z jonathon.keogh $');

?>